Skip Menu | | Logout
Logged in as guest
RT for openssl.org
 
 
#1629: BUG: SSLv3 only client broken with some servers
X  Ticket metadata  
X  The Basics  
Id: 1629
Status: resolved
Left: 0 min
Priority: 0/0
Queue: OpenSSL-Bugs

X  Custom Fields  
Milestone:
  • (no value)
Subsystem:
  • (no value)
Severity:
  • (no value)
Broken in:
  • (no value)

X  People  
Owner: steve <steve@openssl.org>
Requestors: tmraz@redhat.com
Cc:
AdminCc:

X  Dates  
Created: Sat Jan 05 15:00:31 2008
Starts: Not set
Started: Not set
Last Contact: Sun Apr 26 18:51:01 2009
Due: Not set
Closed: Wed Apr 29 00:36:19 2009
Updated: Wed Apr 29 00:36:20 2009 by steve

X  Links  
Depends on:
Depended on by:
Parents:
Children:
Refers to:
Referred to by:

X  Attachments  
openssl-sslv3-no-tlsext.patch

X  More about Tomas Mraz  
Comments about this user:
No comment entered about this user
This user's 10 highest priority tickets:
Groups this user belongs to:
  • Everyone
  • Unprivileged

X  History Display mode:[Brief headers] [Full headers]
#     Sat Jan 05 15:00:32 2008  tmraz@redhat.com - Ticket created    
Subject: BUG: SSLv3 only client broken with some servers
Date: Wed, 12 Dec 2007 22:49:06 +0100
To: rt@openssl.org
From: Tomas Mraz <tmraz@redhat.com>
Download (untitled)
text/plain 1.3k
OpenSSL 0.9.8g SSLv3 only client (with tlsext support compiled in) is
broken when communicating with some servers.

Example:
openssl s_client -ssl3 -connect irc.mozilla.org:6697 -debug
CONNECTED(00000003)
write to 0x67f3c0 [0x6891b0] (111 bytes => 111 (0x6F))
0000 - 16 03 00 00 6a 01 00 00-66 03 00 47 60 56 dc 7a ....j...f..G`V.z
0010 - f6 39 00 47 08 6c 19 46-2e b6 c9 85 b6 68 88 59 .9.G.l.F.....h.Y
0020 - e3 0e 79 96 df e1 68 ff-ea d0 0a 00 00 38 00 39 ..y...h......8.9
0030 - 00 38 00 35 00 88 00 87-00 84 00 16 00 13 00 0a .8.5............
0040 - 00 33 00 32 00 2f 00 9a-00 99 00 96 00 45 00 44 .3.2./.......E.D
0050 - 00 41 00 05 00 04 00 15-00 12 00 09 00 14 00 11 .A..............
0060 - 00 08 00 06 00 03 02 01-00 00 04 00 23 ............#
006f - <SPACES/NULS>
read from 0x67f3c0 [0x6849a0] (5 bytes => 5 (0x5))
0000 - 15 03 00 00 02 .....
read from 0x67f3c0 [0x6849a5] (2 bytes => 2 (0x2))
0000 - 02 28 .(
5468:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1053:SSL alert number 40
5468:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:

--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
#     Tue Feb 26 21:02:25 2008  ossl-rt@velox.ch - Correspondence added    
Subject: [openssl.org #1629] BUG: SSLv3 only client broken with some servers
Date: Tue, 26 Feb 2008 20:55:52 +0100
To: rt@openssl.org
From: Kaspar Brand <ossl-rt@velox.ch>
Download (untitled)
text/plain 892b
> OpenSSL 0.9.8g SSLv3 only client (with tlsext support compiled in) is
> broken when communicating with some servers.
This is due to the fact that when compiled with enable-tlsext, OpenSSL
will currently also include TLS extensions in an SSLv3 ClientHello. In
the example shown, it's actually the session ticket TLS extension which
confuses irc.mozilla.org (turning it off with "-no_ticket" will make the
problem with this particular site go away).

While it's not a protocol violation to include extensions in an SSLv3
hello message, strictly speaking (the SSLv3 specification permits "to
include extra data after the compression methods"), I don't think it's
of any real use.

To improve interoperability, I would recommend to not add any TLS
extensions when speaking SSLv3 - as implemented by the attached patch
(against HEAD, but also applies cleanly to openssl_0_9_8-stable).

Kaspar
Download openssl-sslv3-no-tlsext.patch
text/plain 852b
Index: ssl/t1_lib.c
===================================================================
 RCS file: /home/ossl-cvs/openssl/ssl/t1_lib.c,v
retrieving revision 1.51
diff -p -u -r1.51 t1_lib.c
--- ssl/t1_lib.c 26 Oct 2007 12:06:35 -0000 1.51
+++ ssl/t1_lib.c 26 Feb 2008 18:02:50 -0000
@@ -267,6 +267,10 @@ unsigned char *ssl_add_clienthello_tlsex
int extdatalen=0;
unsigned char *ret = p;

+ /* don't add extensions for SSLv3 */
+ if (s->client_version == SSL3_VERSION)
+ return p;
+
ret+=2;

if (ret>=limit) return NULL; /* this really never occurs, but ... */
@@ -448,6 +452,10 @@ unsigned char *ssl_add_serverhello_tlsex
int extdatalen=0;
unsigned char *ret = p;

+ /* don't add extensions for SSLv3 */
+ if (s->version == SSL3_VERSION)
+ return p;
+
ret+=2;
if (ret>=limit) return NULL; /* this really never occurs, but ... */
#     Tue Feb 26 21:02:27 2008  RT_System - Status changed from 'new' to 'open'    
#     Sun Apr 26 18:51:00 2009  ossl-rt@velox.ch - Correspondence added    
Subject: [openssl.org #1629] BUG: SSLv3 only client broken with some servers
Date: Sun, 26 Apr 2009 19:39:48 +0200
To: rt@openssl.org
From: Kaspar Brand <ossl-rt@velox.ch>
Download (untitled)
text/plain 490b
> To improve interoperability, I would recommend to not add any TLS
> extensions when speaking SSLv3 - as implemented by the attached patch
> (against HEAD, but also applies cleanly to openssl_0_9_8-stable).
Given that TLS extensions are enabled by default as of 0.9.8j,
the importance of this patch
(http://rt.openssl.org/Ticket/Attachment/18486/7851/openssl-sslv3-no-tlsext.patch)
has slightly increased in the meantime, IMO. Can it be considered for
both 0.9.8 and the upcoming 1.0.0?
#     Sun Apr 26 19:12:11 2009  steve - Taken    
#     Wed Apr 29 00:11:59 2009  steve - Status changed from 'open' to 'resolved'    
#     Wed Apr 29 00:15:39 2009  steve - Status changed from 'resolved' to 'open'    
#     Wed Apr 29 00:36:19 2009  steve - Status changed from 'open' to 'resolved'    
»|« RT 3.4.5 Copyright 1996-2005 Best Practical Solutions, LLC.
Time to display: 0.632733